summaryrefslogtreecommitdiffstats
path: root/src/providers/ldap/ldap_common.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/providers/ldap/ldap_common.c')
-rw-r--r--src/providers/ldap/ldap_common.c114
1 files changed, 64 insertions, 50 deletions
diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c
index 890e7a4a4..7d52e739a 100644
--- a/src/providers/ldap/ldap_common.c
+++ b/src/providers/ldap/ldap_common.c
@@ -272,14 +272,15 @@ int ldap_get_options(TALLOC_CTX *memctx,
if (ret != EOK) {
goto done;
}
- DEBUG(6, "Option %s set to %s\n",
+ DEBUG(SSSDBG_TRACE_FUNC, "Option %s set to %s\n",
opts->basic[search_base_options[o]].opt_name,
dp_opt_get_string(opts->basic,
search_base_options[o]));
}
}
} else {
- DEBUG(5, "Search base not set, trying to discover it later when "
+ DEBUG(SSSDBG_FUNC_DATA,
+ "Search base not set, trying to discover it later when "
"connecting to the LDAP server.\n");
}
@@ -315,14 +316,16 @@ int ldap_get_options(TALLOC_CTX *memctx,
pwd_policy = dp_opt_get_string(opts->basic, SDAP_PWD_POLICY);
if (pwd_policy == NULL) {
- DEBUG(1, "Missing password policy, this may not happen.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Missing password policy, this may not happen.\n");
ret = EINVAL;
goto done;
}
if (strcasecmp(pwd_policy, PWD_POL_OPT_NONE) != 0 &&
strcasecmp(pwd_policy, PWD_POL_OPT_SHADOW) != 0 &&
strcasecmp(pwd_policy, PWD_POL_OPT_MIT) != 0) {
- DEBUG(1, "Unsupported password policy [%s].\n", pwd_policy);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Unsupported password policy [%s].\n", pwd_policy);
ret = EINVAL;
goto done;
}
@@ -332,7 +335,7 @@ int ldap_get_options(TALLOC_CTX *memctx,
CONFDB_PAM_CRED_TIMEOUT, 0,
&offline_credentials_expiration);
if (ret != EOK) {
- DEBUG(1, "Cannot get value of %s from confdb \n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot get value of %s from confdb \n",
CONFDB_PAM_CRED_TIMEOUT);
goto done;
}
@@ -349,7 +352,8 @@ int ldap_get_options(TALLOC_CTX *memctx,
* entries must not be purged from cache.
*/
if (!offline_credentials_expiration && account_cache_expiration) {
- DEBUG(1, "Conflicting values for options %s (unlimited) "
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Conflicting values for options %s (unlimited) "
"and %s (%d)\n",
opts->basic[SDAP_ACCOUNT_CACHE_EXPIRATION].opt_name,
CONFDB_PAM_CRED_TIMEOUT,
@@ -359,7 +363,7 @@ int ldap_get_options(TALLOC_CTX *memctx,
}
if (offline_credentials_expiration && account_cache_expiration &&
offline_credentials_expiration > account_cache_expiration) {
- DEBUG(1, "Value of %s (now %d) must be larger "
+ DEBUG(SSSDBG_CRIT_FAILURE, "Value of %s (now %d) must be larger "
"than value of %s (now %d)\n",
opts->basic[SDAP_ACCOUNT_CACHE_EXPIRATION].opt_name,
account_cache_expiration,
@@ -373,7 +377,7 @@ int ldap_get_options(TALLOC_CTX *memctx,
if (ldap_deref != NULL) {
ret = deref_string_to_val(ldap_deref, &ldap_deref_val);
if (ret != EOK) {
- DEBUG(1, "Failed to verify ldap_deref option.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to verify ldap_deref option.\n");
goto done;
}
}
@@ -383,7 +387,8 @@ int ldap_get_options(TALLOC_CTX *memctx,
ldap_referrals = dp_opt_get_bool(opts->basic, SDAP_REFERRALS);
if (ldap_referrals) {
- DEBUG(1, "LDAP referrals are not supported, because the LDAP library "
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "LDAP referrals are not supported, because the LDAP library "
"is too old, see sssd-ldap(5) for details.\n");
ret = dp_opt_set_bool(opts->basic, SDAP_REFERRALS, false);
}
@@ -423,7 +428,7 @@ int ldap_get_options(TALLOC_CTX *memctx,
default_netgroup_map = netgroup_map;
default_service_map = service_map;
} else {
- DEBUG(0, "Unrecognized schema type: %s\n", schema);
+ DEBUG(SSSDBG_FATAL_FAILURE, "Unrecognized schema type: %s\n", schema);
ret = EINVAL;
goto done;
}
@@ -472,26 +477,26 @@ int ldap_get_options(TALLOC_CTX *memctx,
/* FIXME - this can be removed in a future version */
ret = krb5_try_kdcip(cdb, conf_path, opts->basic, SDAP_KRB5_KDC);
if (ret != EOK) {
- DEBUG(1, "sss_krb5_try_kdcip failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "sss_krb5_try_kdcip failed.\n");
goto done;
}
authtok_type = dp_opt_get_string(opts->basic, SDAP_DEFAULT_AUTHTOK_TYPE);
if (authtok_type != NULL &&
strcasecmp(authtok_type,"obfuscated_password") == 0) {
- DEBUG(9, "Found obfuscated password, "
+ DEBUG(SSSDBG_TRACE_ALL, "Found obfuscated password, "
"trying to convert to cleartext.\n");
authtok_blob = dp_opt_get_blob(opts->basic, SDAP_DEFAULT_AUTHTOK);
if (authtok_blob.data == NULL || authtok_blob.length == 0) {
- DEBUG(1, "Missing obfuscated password string.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Missing obfuscated password string.\n");
return EINVAL;
}
ret = sss_password_decrypt(memctx, (char *) authtok_blob.data,
&cleartext);
if (ret != EOK) {
- DEBUG(1, "Cannot convert the obfuscated "
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot convert the obfuscated "
"password back to cleartext\n");
return ret;
}
@@ -501,14 +506,14 @@ int ldap_get_options(TALLOC_CTX *memctx,
ret = dp_opt_set_blob(opts->basic, SDAP_DEFAULT_AUTHTOK, authtok_blob);
talloc_free(cleartext);
if (ret != EOK) {
- DEBUG(1, "dp_opt_set_string failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "dp_opt_set_string failed.\n");
return ret;
}
ret = dp_opt_set_string(opts->basic, SDAP_DEFAULT_AUTHTOK_TYPE,
"password");
if (ret != EOK) {
- DEBUG(1, "dp_opt_set_string failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "dp_opt_set_string failed.\n");
return ret;
}
}
@@ -1030,7 +1035,7 @@ static void sdap_uri_callback(void *private_data, struct fo_server *server)
tmp_ctx = talloc_new(NULL);
if (tmp_ctx == NULL) {
- DEBUG(1, "talloc_new failed\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new failed\n");
return;
}
@@ -1044,7 +1049,8 @@ static void sdap_uri_callback(void *private_data, struct fo_server *server)
srvaddr = fo_get_server_hostent(server);
if (!srvaddr) {
- DEBUG(1, "FATAL: No hostent available for server (%s)\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "FATAL: No hostent available for server (%s)\n",
fo_get_server_str_name(server));
talloc_free(tmp_ctx);
return;
@@ -1053,20 +1059,20 @@ static void sdap_uri_callback(void *private_data, struct fo_server *server)
sockaddr = resolv_get_sockaddr_address(tmp_ctx, srvaddr,
fo_get_server_port(server));
if (sockaddr == NULL) {
- DEBUG(1, "resolv_get_sockaddr_address failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "resolv_get_sockaddr_address failed.\n");
talloc_free(tmp_ctx);
return;
}
if (fo_is_srv_lookup(server)) {
if (!tmp) {
- DEBUG(1, "Unknown service, using ldap\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unknown service, using ldap\n");
tmp = SSS_LDAP_SRV_NAME;
}
srv_name = fo_get_server_name(server);
if (srv_name == NULL) {
- DEBUG(1, "Could not get server host name\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not get server host name\n");
talloc_free(tmp_ctx);
return;
}
@@ -1079,12 +1085,12 @@ static void sdap_uri_callback(void *private_data, struct fo_server *server)
}
if (!new_uri) {
- DEBUG(2, "Failed to copy URI ...\n");
+ DEBUG(SSSDBG_OP_FAILURE, "Failed to copy URI ...\n");
talloc_free(tmp_ctx);
return;
}
- DEBUG(6, "Constructed uri '%s'\n", new_uri);
+ DEBUG(SSSDBG_TRACE_FUNC, "Constructed uri '%s'\n", new_uri);
/* free old one and replace with new one */
talloc_zfree(service->uri);
@@ -1106,7 +1112,7 @@ static void sdap_finalize(struct tevent_context *ev,
ret = remove_krb5_info_files(se, realm);
if (ret != EOK) {
- DEBUG(1, "remove_krb5_info_files failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "remove_krb5_info_files failed.\n");
}
orderly_shutdown(0);
@@ -1123,14 +1129,14 @@ errno_t sdap_install_sigterm_handler(TALLOC_CTX *mem_ctx,
sig_realm = talloc_strdup(mem_ctx, realm);
if (sig_realm == NULL) {
- DEBUG(1, "talloc_strdup failed!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed!\n");
return ENOMEM;
}
sige = tevent_add_signal(ev, mem_ctx, SIGTERM, SA_SIGINFO, sdap_finalize,
sig_realm);
if (sige == NULL) {
- DEBUG(1, "tevent_add_signal failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_signal failed.\n");
talloc_free(sig_realm);
return ENOMEM;
}
@@ -1149,7 +1155,8 @@ void sdap_remove_kdcinfo_files_callback(void *pvt)
ret = be_fo_run_callbacks_at_next_request(ctx->be_ctx,
ctx->kdc_service_name);
if (ret != EOK) {
- DEBUG(1, "be_fo_run_callbacks_at_next_request failed, "
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "be_fo_run_callbacks_at_next_request failed, "
"krb5 info files will not be removed, because "
"it is unclear if they will be recreated properly.\n");
return;
@@ -1157,13 +1164,14 @@ void sdap_remove_kdcinfo_files_callback(void *pvt)
tmp_ctx = talloc_new(NULL);
if (tmp_ctx == NULL) {
- DEBUG(1, "talloc_new failed, cannot remove krb5 info files.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "talloc_new failed, cannot remove krb5 info files.\n");
return;
}
ret = remove_krb5_info_files(tmp_ctx, ctx->realm);
if (ret != EOK) {
- DEBUG(1, "remove_krb5_info_files failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "remove_krb5_info_files failed.\n");
}
talloc_zfree(tmp_ctx);
@@ -1180,7 +1188,7 @@ errno_t sdap_install_offline_callback(TALLOC_CTX *mem_ctx,
ctx = talloc_zero(mem_ctx, struct remove_info_files_ctx);
if (ctx == NULL) {
- DEBUG(1, "talloc_zfree failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zfree failed.\n");
return ENOMEM;
}
@@ -1188,7 +1196,7 @@ errno_t sdap_install_offline_callback(TALLOC_CTX *mem_ctx,
ctx->realm = talloc_strdup(ctx, realm);
ctx->kdc_service_name = talloc_strdup(ctx, service_name);
if (ctx->realm == NULL || ctx->kdc_service_name == NULL) {
- DEBUG(1, "talloc_strdup failed!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed!\n");
ret = ENOMEM;
goto done;
}
@@ -1197,7 +1205,7 @@ errno_t sdap_install_offline_callback(TALLOC_CTX *mem_ctx,
sdap_remove_kdcinfo_files_callback,
ctx, NULL);
if (ret != EOK) {
- DEBUG(1, "be_add_offline_cb failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "be_add_offline_cb failed.\n");
goto done;
}
@@ -1307,13 +1315,13 @@ sdap_gssapi_get_default_realm(TALLOC_CTX *mem_ctx)
krberr = krb5_init_context(&context);
if (krberr) {
- DEBUG(2, "Failed to init kerberos context\n");
+ DEBUG(SSSDBG_OP_FAILURE, "Failed to init kerberos context\n");
goto done;
}
krberr = krb5_get_default_realm(context, &krb5_realm);
if (krberr) {
- DEBUG(2, "Failed to get default realm name: %s\n",
+ DEBUG(SSSDBG_OP_FAILURE, "Failed to get default realm name: %s\n",
sss_krb5_get_error_message(context, krberr));
goto done;
}
@@ -1321,11 +1329,11 @@ sdap_gssapi_get_default_realm(TALLOC_CTX *mem_ctx)
realm = talloc_strdup(mem_ctx, krb5_realm);
krb5_free_default_realm(context, krb5_realm);
if (!realm) {
- DEBUG(0, "Out of memory\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Out of memory\n");
goto done;
}
- DEBUG(7, "Will use default realm %s\n", realm);
+ DEBUG(SSSDBG_TRACE_LIBS, "Will use default realm %s\n", realm);
done:
if (context) krb5_free_context(context);
return realm;
@@ -1353,10 +1361,12 @@ int sdap_gssapi_init(TALLOC_CTX *mem_ctx,
krb5_opt_realm = dp_opt_get_string(opts, SDAP_KRB5_REALM);
if (krb5_opt_realm == NULL) {
- DEBUG(2, "Missing krb5_realm option, will use libkrb default\n");
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Missing krb5_realm option, will use libkrb default\n");
krb5_realm = sdap_gssapi_get_default_realm(tmp_ctx);
if (krb5_realm == NULL) {
- DEBUG(0, "Cannot determine the Kerberos realm, aborting\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Cannot determine the Kerberos realm, aborting\n");
ret = EIO;
goto done;
}
@@ -1375,20 +1385,20 @@ int sdap_gssapi_init(TALLOC_CTX *mem_ctx,
SDAP_KRB5_USE_KDCINFO),
&service);
if (ret != EOK) {
- DEBUG(0, "Failed to init KRB5 failover service!\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Failed to init KRB5 failover service!\n");
goto done;
}
ret = sdap_install_sigterm_handler(mem_ctx, bectx->ev, krb5_realm);
if (ret != EOK) {
- DEBUG(0, "Failed to install sigterm handler\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Failed to install sigterm handler\n");
goto done;
}
ret = sdap_install_offline_callback(mem_ctx, bectx,
krb5_realm, SSS_KRB5KDC_FO_SRV);
if (ret != EOK) {
- DEBUG(0, "Failed to install sigterm handler\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Failed to install sigterm handler\n");
goto done;
}
@@ -1430,7 +1440,7 @@ static errno_t _sdap_urls_init(struct be_ctx *ctx,
/* split server parm into a list */
ret = split_on_separator(tmp_ctx, urls, ',', true, true, &list, NULL);
if (ret != EOK) {
- DEBUG(1, "Failed to parse server list!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to parse server list!\n");
goto done;
}
@@ -1446,7 +1456,8 @@ static errno_t _sdap_urls_init(struct be_ctx *ctx,
}
if (!dns_service_name) {
- DEBUG(0, "Missing DNS service name for service [%s].\n",
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Missing DNS service name for service [%s].\n",
service_name);
ret = EINVAL;
goto done;
@@ -1461,29 +1472,31 @@ static errno_t _sdap_urls_init(struct be_ctx *ctx,
dns_service_name, NULL,
BE_FO_PROTO_TCP, false, srv_user_data);
if (ret) {
- DEBUG(0, "Failed to add server\n");
+ DEBUG(SSSDBG_FATAL_FAILURE, "Failed to add server\n");
goto done;
}
- DEBUG(6, "Added service lookup\n");
+ DEBUG(SSSDBG_TRACE_FUNC, "Added service lookup\n");
continue;
}
ret = ldap_url_parse(list[i], &lud);
if (ret != LDAP_SUCCESS) {
- DEBUG(0, "Failed to parse ldap URI (%s)!\n", list[i]);
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Failed to parse ldap URI (%s)!\n", list[i]);
ret = EINVAL;
goto done;
}
if (lud->lud_host == NULL) {
- DEBUG(2, "The LDAP URI (%s) did not contain a host name\n",
+ DEBUG(SSSDBG_OP_FAILURE,
+ "The LDAP URI (%s) did not contain a host name\n",
list[i]);
ldap_free_urldesc(lud);
continue;
}
- DEBUG(6, "Added URI %s\n", list[i]);
+ DEBUG(SSSDBG_TRACE_FUNC, "Added URI %s\n", list[i]);
talloc_steal(service, list[i]);
@@ -1613,12 +1626,13 @@ errno_t string_to_shadowpw_days(const char *s, long *d)
errno = 0;
l = strtol(s, &endptr, 10);
if (errno != 0) {
- DEBUG(1, "strtol failed [%d][%s].\n", errno, strerror(errno));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "strtol failed [%d][%s].\n", errno, strerror(errno));
return errno;
}
if (*endptr != '\0') {
- DEBUG(1, "Input string [%s] is invalid.\n", s);
+ DEBUG(SSSDBG_CRIT_FAILURE, "Input string [%s] is invalid.\n", s);
return EINVAL;
}
generated by cgit (git 2.34.1) at 2024-05-25 09:01:50 +0000